Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214914.roa
File:                     AS214914.roa (raw, json)
Hash identifier:          +EXjyL1JMMs6RqRxZfu5KWx3wsUF8Hlny1wQ3JpWtx4=
Subject key identifier:   03:68:D8:5D:57:A7:67:47:79:4C:2A:27:3F:D4:DA:68:E8:B1:53:A2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       796B4503B1604A3331D12C080023552E68CCB802
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214914.roa
Signing time:             Thu 05 Jun 2025 05:37:22 +0000
ROA not before:           Thu 05 Jun 2025 05:32:22 +0000
ROA not after:            Thu 04 Jun 2026 05:37:22 +0000
asID:                     214914
IP address blocks:        2a13:9500:80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:6b:45:03:b1:60:4a:33:31:d1:2c:08:00:23:55:2e:68:cc:b8:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  5 05:32:22 2025 GMT
            Not After : Jun  4 05:37:22 2026 GMT
        Subject: CN=0368D85D57A76747794C2A273FD4DA68E8B153A2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:95:8c:da:3a:9b:75:59:cb:32:df:5c:f3:75:
                    4c:71:8f:82:5d:27:39:99:c7:bb:83:ad:db:c6:e3:
                    41:7f:79:d4:d1:89:d6:d0:61:98:07:27:2b:85:d3:
                    e9:a3:78:1f:1d:cb:6e:00:2f:50:49:48:a3:25:8d:
                    de:59:95:05:5f:36:c2:b7:21:8a:d5:7c:70:30:28:
                    f9:b2:96:b5:8e:b5:ba:2c:8c:31:27:95:af:ee:ea:
                    fc:92:91:f6:88:84:9d:b8:87:ff:45:ce:33:07:94:
                    c3:3f:f4:3c:9f:a7:ab:98:5f:df:07:da:5c:a3:5e:
                    be:ee:d4:47:d3:de:47:8b:97:6b:92:2e:69:2b:3a:
                    81:3f:38:59:66:a0:43:4e:c7:e6:b9:83:45:cd:bb:
                    db:6d:99:f2:db:cf:dd:a7:7e:a0:e1:50:0b:78:26:
                    5b:6d:be:3c:61:9e:13:32:73:9f:d9:04:dc:a3:21:
                    13:0f:97:b1:42:47:9c:00:87:dc:36:91:f8:fb:cc:
                    2b:26:66:ec:95:f6:ac:e7:61:b5:1d:0d:ad:93:8f:
                    b2:84:ac:98:f4:60:84:3b:02:86:b8:63:02:ee:91:
                    ef:44:4b:c5:20:1c:30:c6:52:5f:2b:2a:b0:3f:7e:
                    10:55:3f:20:e0:1f:bf:26:b0:4e:5d:9f:df:38:67:
                    3a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:68:D8:5D:57:A7:67:47:79:4C:2A:27:3F:D4:DA:68:E8:B1:53:A2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214914.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:80::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:87:a7:d4:64:d0:16:28:8c:76:94:06:ee:e7:cc:d7:a0:5e:
         d4:46:d3:ae:ff:b9:11:35:85:a0:ad:77:56:0d:e3:b4:9b:f9:
         37:17:65:15:95:e6:18:78:10:75:f5:5f:aa:cf:ca:2a:fe:b1:
         fe:ed:3f:29:f6:5c:b7:f1:4c:4b:6d:9b:74:1f:06:dc:fa:40:
         5e:59:c2:06:d1:cf:6f:bd:53:00:70:1c:50:fb:cf:b4:39:65:
         dd:44:7f:f2:8a:99:87:62:20:19:53:f6:58:b8:5d:7d:d1:06:
         17:55:50:f7:f1:43:19:4b:e2:6f:9b:43:56:76:13:e8:39:55:
         ca:e3:63:54:ab:94:fd:82:ef:87:b9:d1:5b:7f:86:7e:45:df:
         77:2d:c4:40:a5:0e:b0:51:ec:e8:c0:12:37:de:aa:a8:ba:d8:
         e6:74:5c:f8:34:f5:de:19:d4:b3:3b:07:ea:70:4f:ba:b2:1f:
         6f:f7:a5:c8:d7:90:fc:9f:7a:f9:02:4c:88:9b:d9:14:f1:88:
         de:7b:78:e9:6c:d6:0d:52:65:4f:09:4f:35:e4:27:c6:33:70:
         1a:4e:24:4f:40:36:f5:42:12:18:f8:cf:05:e3:e0:6d:c8:ec:
         07:19:c8:e6:28:f3:e0:93:c0:1b:28:9b:ca:83:66:be:d4:96:
         bc:12:e5:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUeWtFA7FgSjMx0SwIACNVLmjMuAIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDUwNTMyMjJaFw0yNjA2MDQwNTM3MjJaMDMxMTAvBgNV
BAMTKDAzNjhEODVENTdBNzY3NDc3OTRDMkEyNzNGRDREQTY4RThCMTUzQTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqlYzaOpt1Wcsy31zzdUxxj4Jd
JzmZx7uDrdvG40F/edTRidbQYZgHJyuF0+mjeB8dy24AL1BJSKMljd5ZlQVfNsK3
IYrVfHAwKPmylrWOtbosjDEnla/u6vySkfaIhJ24h/9FzjMHlMM/9Dyfp6uYX98H
2lyjXr7u1EfT3keLl2uSLmkrOoE/OFlmoENOx+a5g0XNu9ttmfLbz92nfqDhUAt4
JlttvjxhnhMyc5/ZBNyjIRMPl7FCR5wAh9w2kfj7zCsmZuyV9qznYbUdDa2Tj7KE
rJj0YIQ7Aoa4YwLuke9ES8UgHDDGUl8rKrA/fhBVPyDgH78msE5dn984ZzoBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUA2jYXVenZ0d5TConP9TaaOixU6IwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0OTE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACAMA0GCSqGSIb3DQEBCwUAA4IBAQAoh6fUZNAWKIx2lAbu58zXoF7URtOu/7kR
NYWgrXdWDeO0m/k3F2UVleYYeBB19V+qz8oq/rH+7T8p9ly38UxLbZt0Hwbc+kBe
WcIG0c9vvVMAcBxQ+8+0OWXdRH/yipmHYiAZU/ZYuF190QYXVVD38UMZS+Jvm0NW
dhPoOVXK42NUq5T9gu+HudFbf4Z+Rd93LcRApQ6wUezowBI33qqoutjmdFz4NPXe
GdSzOwfqcE+6sh9v96XI15D8n3r5AkyIm9kU8Yjee3jpbNYNUmVPCU815CfGM3Aa
TiRPQDb1QhIY+M8F4+BtyOwHGcjmKPPgk8AbKJvKg2a+1Ja8EuXx
-----END CERTIFICATE-----